// express自带路由
const express = require('express')
const path = require('path')
const app = express()

// View configuration: templates live in ./views as plain .html files and
// are rendered through ejs's renderFile.
const viewsDir = path.join(__dirname, 'views')
app.set('views', viewsDir)
app.engine('html', require('ejs').renderFile) // template engine for .html files
app.set('view engine', 'html') // default extension for view names passed to res.render

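// Characters that are significant in HTML text and attribute contexts,
// mapped to their entity forms. `&` is included so entities already present
// in the input are escaped too and cannot be confused with encoder output.
const HTML_ESCAPES = Object.freeze({
	'&': '&amp;',
	'<': '&lt;',
	'>': '&gt;',
	'"': '&quot;',
	"'": '&#39;',
	'`': '&#96;',
	'/': '&#x2F;',
})

/**
 * HTML-escape untrusted text before it is interpolated into a template.
 *
 * Suitable for HTML text nodes and quoted attribute values. It does NOT make
 * a value safe inside a <script> block, an inline event handler, a URL or a
 * CSS rule; those contexts need their own encoders.
 *
 * Fixes: the double-quote entity was previously emitted as `&quto;`, which is
 * not a valid entity and rendered as literal text.
 *
 * @param {unknown} str - value to escape. Non-strings are stringified first
 *   (Express's query parser can yield arrays/objects for bracket syntax,
 *   and `.replace` on those would throw); `null`/`undefined` yield ''.
 * @returns {string} the escaped text
 */
function transCode(str) {
	if (str == null) return ''
	// Single pass: each special character is replaced independently, so the
	// `&` introduced by one replacement can never be re-escaped.
	return String(str).replace(/[&<>"'`\/]/g, (ch) => HTML_ESCAPES[ch])
}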


// GET / — renders views/index.html. The optional `xss` query parameter is
// passed through transCode before it reaches the template.
app.get('/', (req, res, next) => {
	const { xss } = req.query
	// NOTE(review): the raw, unescaped query value is written to the log here,
	// and with bracket syntax in the query string it may arrive as an array or
	// object rather than a string; confirm transCode tolerates that.
	console.log(xss);
	const escaped = xss ? transCode(xss) : ''
	res.render('index', { // render the template with these locals
		title: "Express",
		xss: escaped,
	})
})



const PORT = 3030

// Start the HTTP server; the log line confirms the process is listening.
app.listen(PORT, () => console.log('项目已启动~'))
